Vulnerabilities (CVE)

Filtered by vendor Sistemagpweb Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-15877 1 Sistemagpweb 1 Gpweb 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database.
CVE-2017-15875 1 Sistemagpweb 1 Gpweb 2024-02-28 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter.
CVE-2017-15876 1 Sistemagpweb 1 Gpweb 2024-02-28 9.0 HIGH 7.2 HIGH
Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell.